3 Flashcards

1
Q

Amanda wants to securely destroy data held on DVDs. Which of the following options is not a suitable solution for this?

Burning

Pulverizing

Shredding

Degaussing

A

Degaussing

2
Q

Danielle wants to capture traffic from a network so that she can analyze a VoIP conversation. Which of the following tools will allow her to review the conversation most effectively?

tcpdump

A network SIPper

netcat

Wireshark

A

Wireshark

3
Q

Selah is following the Cyber Kill Chain model and has completed the delivery phase. What step is next according to the Kill Chain?

Weaponization

Installation

Actions on Objective

Exploitation

A

Exploitation

4
Q

Gene recently conducted an assessment and determined that his organization can be without its main transaction database for a maximum of two hours before unacceptable damage occurs to the business. What metric has Gene identified?

RPO

MTTR

RTO

MTBF

A

RTO

5
Q

Henry wants to check to see if services were installed by an attacker. What commonly gathered organizational data can he use to see if a new service appeared on systems?

Vulnerability scans

Flow logs

Registry dumps from systems throughout his organization

Firewall logs

A

Vulnerability scans

6
Q

Elaine wants to securely erase the contents of a tape used for backups in her organization’s tape library. What is the fastest secure erase method available to her that will allow the tape to be reused?

Wipe the tape by writing a random pattern of 1s and 0s to it.

Wipe the tape by writing all 1s or all 0s to it.

Use a degausser.

Incinerate the tape.

A

Use a degausser.

7
Q

Isabelle needs to select the EAP protocol that she will use with her wireless network. She wants to use a secure protocol that does not require client devices to have a certificate, but she does want to require mutual authentication. Which EAP protocol should she use?

EAP-TLS

EAP-FAST

PEAP

EAP-TTLS

A

PEAP

8
Q

Madhuri wants to check a PNG-formatted photo for GPS coordinates. Where can she find that information if it exists in the photo?

In the photo’s metadata

In the photo as a steganographically embedded data field

In the location.txt file appended to the PNG

On the original camera

A

In the photo’s metadata

9
Q

Chris wants systems that connect to his network to report their boot processes to a server where they can be validated before being permitted to join the network. What technology should he use to do this on the workstations?

UEFI/Trusted boot

UEFI/Measured boot

BIOS/Measured boot

BIOS/Trusted boot

A

UEFI/Measured boot

10
Q

Ben wants to implement a RAID array that combines both read and write performance while retaining data integrity if a drive fails. Cost is not a concern compared to speed and resilience. What RAID type should he use?

RAID 1

RAID 10

RAID 6

RAID 5

A

RAID 10

11
Q

Gurvinder wants to select a mobile device deployment method that provides employees with devices that they can use as though they’re personally owned to maximize flexibility and ease of use. Which deployment model should he select?

COPE

BYOD

MOTD

CYOD

A

COPE

12
Q

How does technology diversity help ensure cybersecurity resilience?

It ensures that a vulnerability in a single company’s product will not impact the entire infrastructure.

If a single vendor goes out of business, the company does not need to replace its entire infrastructure.

It means that a misconfiguration will not impact the company’s entire infrastructure.

All of the above.

A

All of the above.

13
Q

Norm is using full-disk encryption technology to protect the contents of laptops against theft. What goal of cryptography is he attempting to achieve?

Nonrepudiation

Integrity

Confidentiality

Authentication

A

Confidentiality

14
Q

Mark unplugs the network connection from a system that is part of an incident and places tape over its Ethernet jack with a sign that says “Do not reconnect without approval from IR team.” How is this method best described?

Segmentation

Zoning

Isolation

Containment

A

Isolation

15
Q

Amanda wants to create a view of her buildings that shows Wi-Fi signal strength and coverage. What is this type of view called?

A heatmap

A PSK

A SSID chart

A channel overlay

A

A heatmap

16
Q

Gabby wants to implement a mirrored drive solution. What RAID level does this describe?

RAID 5

RAID 1

RAID 6

RAID 0

A

RAID 1

17
Q

Brenda’s company provides a managed incident response service to its customers. What term best describes this type of service offering?

MSP

SaaS

PaaS

MSSP

A

MSSP

18
Q

Aziz is responsible for the administration of an e-commerce website that generates $100,000 per day in revenue for his firm. The website uses a database that contains sensitive information about the firm’s customers. He expects that a compromise of that database would result in $500,000 of fines against his firm.

Aziz is assessing the risk of a SQL injection attack against the database where the attacker would steal all of the customer personally identifiable information (PII) from the database. After consulting threat intelligence, he believes that there is a 5 percent chance of a successful attack in any given year.

What is the exposure factor (EF)?

50%

5%

100%

20%

A

100%

19
Q

Selah infects the ads on a website that users from her target company frequently visit with malware as part of her penetration test. What technique has she used?

Whaling

Typosquatting

A watering hole attack

Vishing

A

A watering hole attack

20
Q

Charles wants to find out about security procedures inside his target company, but he doesn’t want the people he is talking to realize that he is gathering information about the organization. He engages staff members in casual conversation to get them to talk about the security procedures without noticing that they have done so. What term describes this process in social engineering efforts?

Elicitation

Prepending

Pharming

Suggestion

A

Elicitation

21
Q

Naomi believes that an attacker has compromised a Windows workstation using a fileless malware package. What Windows scripting tool was most likely used to download and execute the malware?

Bash

Python

PowerShell

VBScript

A

PowerShell

22
Q

Fred receives a call to respond to a malware-infected system. When he arrives, he discovers a message on the screen that reads “Send .5 Bitcoin to the following address to recover your files.” What is the most effective way for Fred to return the system to normal operation?

Pay the Bitcoin ransom.

Restore from a backup if available.

Run antimalware software to remove malware.

Wipe the system and reinstall.

A

Restore from a backup if available.

23
Q

Kyle is conducting a penetration test. After gaining access to an organization’s database server, he installs a backdoor on the server to grant himself access in the future. What term best describes this action?

Lateral movement

Persistence

Maneuver

Privilege escalation

A

Persistence

24
Q

Jim configures a Windows machine with the built-in BitLocker full disk encryption tool. When is the machine least vulnerable to having data stolen from it?

When the machine is booted and logged in but is asleep

When the machine is booted and logged in but is unlocked

When the machine is booted and logged in but is locked

When the machine is off

A

When the machine is off

25
Q

Allan is developing a document that lists the acceptable mechanisms for securely obtaining remote administrative access to servers in his organization. What type of document is Allan writing?

Standard

Guideline

Procedure

Policy

A

Standard

26
Q

Gabby wants to capture the pagefile for a system. Where will she find the pagefile stored?

In a CPU register

In memory

On disk

In device firmware

A

On disk

27
Q

Password complexity, password history, and password reuse are all examples of what?

Credential attributes

Account policies

Account audits

Access policies

A

Account policies

28
Q

Brian discovers that a user suspected of stealing sensitive information is posting many image files to a message board. What technique might the individual be using to hide sensitive information in those images?

Birthday attack

Steganography

Replay attack

Homomorphic encryption

A

Steganography

29
Q

Adam is conducting software testing by reviewing the source code of the application. What type of code testing is Adam conducting?

Mutation testing

Fuzzing

Static code analysis

Dynamic code analysis

A

Static code analysis

30
Q

Bonita has discovered that her organization is running a service on TCP port 636. What secure protocol is most likely in use?

SRTP

LDAPS

IMAPS

SNMPv3

A

LDAPS

31
Q

Kevin is configuring a web server to use digital certificates. What technology can he use to allow clients to quickly verify the status of that digital certificate without contacting a remote server?

Certificate pinning

Certificate stapling

OCSP

CRL

A

Certificate stapling

32
Q

Scott wants to allow users to bring their own credentials to his website so that they can log in using a Google or Microsoft account without giving him their passwords. What protocol can he use that will allow those users to grant the website access to their information?

Kerberos

RADIUS

OAuth

OpenID

A

OpenID

33
Q

Hitesh wants to keep a system online but limit the impact of the malware that was found on it while an investigation occurs. What method from the following list should he use?

Black holing

Isolation

Segmentation

Containment

A

Containment

34
Q

Michelle wants to ensure that attackers who breach her network security perimeter cannot gain control of the systems that run the industrial processes her organization uses as part of their business. What type of solution is best suited to this?

A cold aisle

A screened subnet

An air gap

A Faraday cage

A

An air gap

35
Q

During a penetration test, Patrick deploys a toolkit on a compromised system and uses it to gain access to other systems on the same network. What term best describes this activity?

OSINT

Privilege escalation

Footprinting

Lateral movement

A

Lateral movement

36
Q

Alex discovers that the network routers that his organization has recently ordered are running a modified firmware version that does not match the hash provided by the manufacturer when he compares them. What type of attack should Alex categorize this attack as?

An influence campaign

A supply chain attack

A pharming attack

A hoax

A

A supply chain attack

37
Q

Elaine wants to implement an AAA system. Which of the following is an AAA system she could implement?

LDAP

SAML

RADIUS

OAuth

A

RADIUS

38
Q

Rick performs a backup that captures the changes since the last full backup. What type of backup has he performed?

A new full backup

A differential backup

A snapshot

An incremental backup

A

A differential backup

39
Q

Angela wants to limit the potential impact of malicious Bash scripts. Which of the following is the most effective technique she can use to do so without a significant usability impact for most users?

Prevent execution of Bash scripts.

Disable Bash.

Switch to another shell.

Use Bash’s restricted mode.

A

Use Bash’s restricted mode.

40
Q

Alan’s team needs to perform computations on sensitive personal information but does not need access to the underlying data. What technology can the team use to perform these calculations without accessing the data?

A

Homomorphic encryption